I'm not surprised, actually: This is a frightening headline: 73 Percent of Medical Professionals Share Passwords for EHR Access. If you're a medical resident, you used the attending's login information with the attending's consent.

So, it happens. A lot. But not a lot of bad comes out of it, since most (maybe virtually all) medical professionals do the right thing: access only what you need, access only for legitimate purposes, etc.

Still, even residents should have their own login information. You can't audit access if you have password sharing. And if something does go wrong, it could go very, very wrong, and it would be awfully difficult to fix post-facto.

Maybe it's really time for two-factor authentication in many more places.

Jeff [12:36 PM]

Comments: Post a Comment

http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template